From: Zofia Grzelewska
Date: Tue, 12 Nov 2019 14:27:11 +0000 (+0100)
Subject: Label package base paths for SHARED_RO bind mounting
X-Git-Tag: submit/tizen/20191128.101053~3
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cd1f08cc130f4b12f3709b450b2a68fbb68e21f3;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git
Label package base paths for SHARED_RO bind mounting
Label $APP_HOME/.shared/$PKG_NAME and $APP_HOME/.shared/$PKG_NAME paths with "User::Home" to allow bind mount in application context.
Change-Id: Ib19de4e87766f5a313f1e5e0542e1da8b30f8a40
---
diff --git a/src/common/include/service_impl_utils.h b/src/common/include/service_impl_utils.h
index b68b3598..f7e288a9 100644
--- a/src/common/include/service_impl_utils.h
+++ b/src/common/include/service_impl_utils.h
@@ -40,6 +40,7 @@ bool containSubDir(const std::string &parent, const pkg_paths &paths);
 int getLegalPkgBaseDirs(const uid_t &uid,
 const std::string &pkgName,
 app_install_type installType,
+ std::string &homePath,
 std::vector &legalPkgBaseDirs,
 bool isSharedRO);
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 8c88ffa6..b03d7ee9 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -332,8 +332,10 @@ int ServiceImpl::labelPaths(const pkg_paths &paths,
 int authorId;
 m_privilegeDb.GetPkgAuthorId(pkgName, authorId);
+ std::string homePath;
 std::vector pkgLegalBaseDirs;
- int ret = getLegalPkgBaseDirs(uid, pkgName, installationType, pkgLegalBaseDirs, isSharedRO);
+ int ret = getLegalPkgBaseDirs(uid, pkgName, installationType, homePath,
+ pkgLegalBaseDirs, isSharedRO);
 if (ret != SECURITY_MANAGER_SUCCESS) {
 LogError("Failed to generate legal directories for application");
 return ret;
@@ -343,6 +345,15 @@ int ServiceImpl::labelPaths(const pkg_paths &paths,
 if (!pathsCheck(paths, pkgLegalBaseDirs))
 return SECURITY_MANAGER_ERROR_NOT_PATH_OWNER;
+ if (isSharedRO) {
+ // Label shared_ro base paths for bind mounting
+ std::string sharedPath = homePath + ".shared/" + pkgName;
+ std::string sharedTmpPath = homePath + ".shared_tmp/" + pkgName;
+ if (FS::directoryStatus(sharedPath) == 1 && FS::directoryStatus(sharedTmpPath) == 1) {
+ SmackLabels::setupPkgBasePath(sharedPath);
+ SmackLabels::setupPkgBasePath(sharedTmpPath);
+ }
+ }
 // register paths
 for (const auto &pkgPath : paths) {
 const std::string &path = pkgPath.first;
diff --git a/src/common/service_impl_utils.cpp b/src/common/service_impl_utils.cpp
index eb1ff7e0..d2bde19b 100644
--- a/src/common/service_impl_utils.cpp
+++ b/src/common/service_impl_utils.cpp
@@ -100,6 +100,7 @@ std::string realPath(const std::string &path)
 int getLegalPkgBaseDirs(const uid_t &uid,
 const std::string &pkgName,
 app_install_type installType,
+ std::string &homePath,
 std::vector &legalPkgDirs,
 bool isSharedRO)
 {
@@ -108,7 +109,7 @@ int getLegalPkgBaseDirs(const uid_t &uid,
 bool isSdAvailable = false;
 bool isSkelAvailable = false;
 enum tzplatform_variable baseId;
- enum tzplatform_variable extendedSdId;
+ enum tzplatform_variable extendedSdId = _TZPLATFORM_VARIABLES_INVALID_;
 switch (installType) {
 case SM_APP_INSTALL_LOCAL:
@@ -133,12 +134,13 @@ int getLegalPkgBaseDirs(const uid_t &uid, legalPkgDirs.clear(); - std::string basePath; - if (!getPath(tpc, baseId, pkgName, basePath)) { - LogError("Couldn't generate base path"); + if (!getPath(tpc, baseId, "", homePath)) { + LogError("Couldn't generate home path"); return SECURITY_MANAGER_ERROR_UNKNOWN; } + std::string basePath = homePath + pkgName; + LogDebug("Base path is : " << basePath); legalPkgDirs.push_back(std::move(basePath));
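Review bot: The two `SmackLabels::setupPkgBasePath` calls in the `if (isSharedRO)` block label paths that never went through `pathsCheck`; they are built by concatenating `homePath`, a fixed directory name and `pkgName`, and are only tested with `FS::directoryStatus(...) == 1`. Because the existence check and the labelling are separate steps on a path below the user's home, please confirm that `setupPkgBasePath` does not follow a symbolic link in the final component (its body is not visible here), or canonicalise both paths and verify they still lie under `homePath` before labelling. The block also does nothing, without a trace, when only one of the two directories exists, and whatever `setupPkgBasePath` reports is dropped; an `else LogError("SHARED_RO base paths missing for " << pkgName);` branch would make that state visible. The literal `1` would read better as a named constant. labelPaths starts and ends outside the hunk.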
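Review bot: `std::string basePath = homePath + pkgName;` in the `@@ -133,12 +134,13 @@` hunk is correct only if `getPath(tpc, baseId, "", homePath)` returns a path that ends in a separator, and nothing visible in the hunk establishes that. Without it the legal base directory would be the home path glued directly to the package name, and the `.shared/` and `.shared_tmp/` paths that ServiceImpl::labelPaths builds from `homePath` would be wrong in the same way. A one-line guard after the `getPath` call, `if (homePath.empty() || homePath.back() != '/') homePath += '/';`, or a comment stating the guarantee, would pin the assumption. getLegalPkgBaseDirs continues outside the hunk.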